Presently, computers are generally used while being connected to each other via networks, and networks that incorporate hubs, LAN switches, routers, etc., have come to be constructed not only in companies but also in general households. Also generally in a company, a dedicated network, such as an intra-company LAN or WAN is constructed and server computers with various functions that suit the forms of business of respective departments are used upon being connected to this network. Individual employees connect personal computers or other client computers to the network and perform work while carrying out transactions of data with the server computers.
Security management is extremely important in operating a computer system using such a network. That is, not only must the respective computers connected to the network be protected against unauthorized access by external hackers but also operation, of a form wherein even employees belonging to the same company are respectively subject to unique access restrictions that are in accordance to each employee's department and job responsibilities, is essential.
Various security management arts have thus been proposed for computer systems using networks. For example, Japanese Unexamined Patent Publication No. 2000-10930 and Japanese Unexamined Patent Publication No. 2003-122635 disclose arts for managing unique access rights according to each individual user in a computer system wherein client computers and server computers are connected via a network.
Conventional security management methods, including the arts disclosed in the aforementioned patent publications, are based on a basic concept of setting predetermined access rights according to each individual user. That is, in a generally implemented form of operation, each user is provided with a predetermined account (username) and a password, predetermined access rights are set for each individual account, and when a login procedure by a specific account is performed, the password is verified to confirm that the login procedure is legitimate and then access within the access right range set for that account is enabled.
Although the basic policy of setting specific access rights according to each individual user is extremely rational from a broad perspective, many recent situations, wherein the contents of business forms using a computer system are becoming more and more complex, cannot necessarily be accommodated just by such a basic policy. In particular, with a company with a large number of employees, the existence of employees who will perform an illicit act cannot be denied completely and it is thus dangerous to completely trust individual employees and provide the same access right unconditionally under all circumstances.
An object of this invention is to provide a computer system that enables different access rights to be set for individual users according to circumstances (according to the computers and network environment used).